Red Hat Storage

Recent Red Hat Storage Security Advisories

| Advisory | Title | Published |
|---|---|---|
| RHSA-2022:6024 | Moderate: New container image for Red Hat Ceph Storage 5.2 Security update | August 9, 2022 |
| RHSA-2022:5997 | Moderate: Red Hat Ceph Storage Security, Bug Fix, and Enhancement Update | August 9, 2022 |
| RHSA-2022:1716 | Moderate: Red Hat Ceph Storage 4.3 Security and Bug Fix update | May 5, 2022 |
| RHSA-2022:1394 | Important: Red Hat Ceph Storage 3 Security and Bug Fix update | April 19, 2022 |
| RHSA-2022:1174 | Moderate: Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update | April 4, 2022 |
| RHSA-2022:0308 | Moderate: OpenShift Container Storage 3.11.z security and bug fix update | January 27, 2022 |
| RHSA-2021:4845 | Moderate: Red Hat OpenShift Container Storage 4.8.5 Security and Bug Fix Update | November 29, 2021 |
| RHSA-2021:3748 | Moderate: OpenShift Container Storage 3.11.z Container Images Security and Bug Fix Update | October 7, 2021 |
| RHSA-2021:2445 | Important: Red Hat Ceph Storage 4.2 Security and Bug Fix Update | June 17, 2021 |
| RHSA-2021:2479 | Moderate: Red Hat OpenShift Container Storage 4.6.5 security and bug fix update | June 17, 2021 |

By the Year

In 2022 there have been 2 vulnerabilities in Red Hat Storage with an average score of 7.1 out of ten. Storage did not have any published security vulnerabilities last year. That is, 2 more vulnerabilities have already been reported in 2022 as compared to last year.

| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2022 | 2 | 7.05 |
| 2021 | 0 | 0.00 |
| 2020 | 4 | 5.70 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |

It may take a day or so for new Storage vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Red Hat Storage Security Vulnerabilities

An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix

CVE-2022-26148 9.8 - Critical - March 21, 2022

An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address.

Cleartext Storage of Sensitive Information

All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition

CVE-2021-44141 4.3 - Medium - February 21, 2022

All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.

Insecure Temporary File

A flaw was found in the way samba handled file and directory permissions

CVE-2020-14318 4.3 - Medium - December 03, 2020

A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.

Incorrect Privilege Assignment

A NULL pointer dereference

CVE-2020-10730 6.5 - Medium - July 07, 2020

A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in versions before 4.10.17, before 4.11.11 and before 4.12.4. Although some versions of Samba shipped with Red Hat Enterprise Linux do not support Samba in AD mode, the affected code is shipped with the libldb package. This flaw allows an authenticated user to possibly trigger a use-after-free or NULL pointer dereference. The highest threat from this vulnerability is to system availability.

NULL Pointer Dereference

A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules

CVE-2020-10685 5.5 - Medium - May 11, 2020

A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypt vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp and leaves the secrets unencrypted. On operating systems in which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decrypted data remains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble.

Insufficient Cleanup

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained

CVE-2019-14907 6.5 - Medium - January 21, 2020

All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process (such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).

Out-of-bounds Read

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which

CVE-2014-0224 7.4 - High - June 05, 2014

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.

Inadequate Encryption Strength

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets

CVE-2014-0160 7.5 - High - April 07, 2014

The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.

CVSS V2 scoring evaluates the impact of the vulnerability on the host where the vulnerability is located. When evaluating the impact of this vulnerability to your organization, take into account the nature of the data that is being protected and act according to your organization's risk acceptance. While CVE-2014-0160 does not allow unrestricted access to memory on the targeted host, a successful exploit does leak information from memory locations which have the potential to contain particularly sensitive information, e.g., cryptographic keys and passwords. Theft of this information could enable other attacks on the information system, the impact of which would depend on the sensitivity of the data and functions of that system.

Buffer Overflow

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which

CVE-2012-0876 - July 03, 2012

The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML file with many identifiers with the same value.

Resource Exhaustion

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10

CVE-2012-1938 - June 05, 2012

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before 2.10 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and unknown other components.

ImageMagick 6.7.5-7 and earlier

CVE-2012-0247 8.8 - High - June 05, 2012

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via crafted offset and count values in the ResolutionUnit tag in the EXIF IFD0 of an image.

Improper Input Validation

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags

CVE-2012-0248 5.5 - Medium - June 05, 2012

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the IFD.

Infinite Loop

The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3

CVE-2012-0260 6.5 - Medium - June 05, 2012

The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (memory consumption) via a JPEG image with a crafted sequence of restart markers.

Resource Exhaustion

The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3

CVE-2012-1798 6.5 - Medium - June 05, 2012

The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick before 6.7.6-3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted EXIF IFD in a TIFF image.

Out-of-bounds Read
